diff options
| author | Vladimir Homutov <vl@nginx.com> | 2020-03-26 12:11:50 +0300 |
|---|---|---|
| committer | Vladimir Homutov <vl@nginx.com> | 2020-03-26 12:11:50 +0300 |
| commit | 715d8a250b58c10d87fa44b63367a30ae0bf47c9 (patch) | |
| tree | d1c5487202cb416d6a717a6aeb0de03cdc6107ec /src/event/ngx_event_quic.c | |
| parent | bcd54c26431cca5322c2413e88cbbf3097230ea4 (diff) | |
| download | nginx-715d8a250b58c10d87fa44b63367a30ae0bf47c9.tar.gz nginx-715d8a250b58c10d87fa44b63367a30ae0bf47c9.tar.bz2 | |
Removed memory allocations from encryption code.
+ ngx_quic_encrypt():
- no longer accepts pool as argument
- pkt is 1st arg
- payload is passed as pkt->payload
- performs encryption to the specified static buffer
+ ngx_quic_create_long/short_packet() functions:
- single buffer for everything, allocated by caller
- buffer layout is: [ ad | payload | TAG ]
the result is in the beginning of buffer with proper length
- nonce is calculated on stack
- log is passed explicitly, pkt is 1st arg
- no more allocations inside
+ ngx_quic_create_long_header():
- args changed: no need to pass str_t
+ added ngx_quic_create_short_header()
Diffstat (limited to 'src/event/ngx_event_quic.c')
| -rw-r--r-- | src/event/ngx_event_quic.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c index 7f314ffb3..43cd48530 100644 --- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -1365,8 +1365,9 @@ static ngx_int_t ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc, enum ssl_encryption_level_t level, ngx_str_t *payload) { - ngx_str_t res; - ngx_quic_header_t pkt; + ngx_str_t res; + ngx_quic_header_t pkt; + static u_char buf[65535]; static ngx_str_t initial_token = ngx_null_string; @@ -1377,6 +1378,7 @@ ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc, pkt.level = level; pkt.dcid = qc->dcid; pkt.scid = qc->scid; + pkt.payload = *payload; if (level == ssl_encryption_initial) { pkt.number = &qc->initial_pn; @@ -1394,9 +1396,12 @@ ngx_quic_send_packet(ngx_connection_t *c, ngx_quic_connection_t *qc, pkt.secret = &qc->secrets.server.ad; } - if (ngx_quic_encrypt(c->pool, c->ssl->connection, &pkt, payload, &res) - != NGX_OK) - { + // TODO: ensure header size + payload.len + crypto tail fits into packet + // (i.e. limit payload while pushing frames to < 65k) + + res.data = buf; + + if (ngx_quic_encrypt(&pkt, c->ssl->connection, &res) != NGX_OK) { return NGX_ERROR; } |